Researchers unveil details of organised cyber-espionage campaigns

Details of organised cyber-espionage campaigns have been unveiled by researchers who have managed to identify about 275 families of malware.

The Dell SecureWorks team also classified the malware used by the various groups: some of it is off-the-shelf software specially configured for the campaign, while the rest is customised source code derived from an existing remote access trojan (RAT).

The team has tracked a RAT known as Comfoo, which has been in continuous development since at least 2006.

Researchers said the RAT has maintained a fairly low profile, even though it was used as part of the breach of security firm RSA in 2010, when its code was first analysed.

While monitoring Comfoo, researchers detected over 200 variants of the trojan and 64 different campaign tags used by the threat actors to organise their campaigns.

Various government entities and private firms based in the US, Europe, and Asia Pacific had Comfoo-infected computers phoning home to the Comfoo C2 infrastructure, meaning the data held on those systems was exposed to the attackers.

The presence of Comfoo on a network or computer can be detected in several ways, even if AV engines lack detection for the latest variants; analysts can also search for known Comfoo threat indicators in network traffic, on hard drives, in memory, or in the Windows registry.

Reuters reported that a Chinese hacking group tied to the breach of RSA has targeted a maker of audio-visual conference equipment to tap into boardroom and other high-level remote meetings.

SecureWorks researcher Joe Stewart told the news agency: "I think they were looking for the source code, because that would help them find flaws they could use to eavesdrop in further attacks."